>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see .
*/
include_once('config.php');
if(isset($_COOKIE['PHPSESSID'])){session_start();}
if(!isset($_SESSION['id'])){header('Location: '.BASEURL.'/login?returnto='.urlencode($_SERVER['REQUEST_URI']));}
include_once('db.php');
include_once('nonce.php');
include_once('rpc.php');
function getdisplayname($username)
{
static $cache=Array();
if(isset($cache[$username])){return $cache[$username];}
$user=explode('@', $username);
if(count($user)!=2){return $username;} // Invalid username, fall back on username
$obj=rpc_get($user[1], 'user/'.$user[0]);
if(isset($obj['error'])){return $username;} // RPC error, fall back on username
$cache[$username]=$obj['displayname'];
return $obj['displayname'];
}
$error='';
$info='';
// Resolve chain ID (and username of second party)
if(isset($path[2]) && $path[2]!='new' && $path[2]!='')
{
$chain=mysqli_real_escape_string($db, $path[2]);
$res=mysqli_query($db, 'select sender, recipient, subject from messages where user='.(int)$_SESSION['id'].' and chain="'.$chain.'" and latest');
if(!($res=mysqli_fetch_row($res)))
{
$error='Message chain not found';
}else{
$toname=$res[($res[0]==$_SESSION['name'].'@'.DOMAIN)?1:0];
$subject=$res[2];
}
}else{
$chain='';
if(isset($_POST['to'])){$toname=$_POST['to'];}
else if(isset($_GET['to'])){$toname=$_GET['to'];}
else{$toname='';}
$subject='';
}
// Check if we're blocking the user
$to_esc=mysqli_real_escape_string($db, $toname);
$res=mysqli_query($db, 'select user from userblocks where user='.(int)$_SESSION['id'].' and blocked="'.$to_esc.'" limit 1');
$blocked=mysqli_fetch_row($res);
// Send message
if($error=='' && ($path[2]!='new' || isset($_POST['to'])) && checknonce())
{
$touser=explode('@', $toname);
if(count($touser)!=2){$error=_('Invalid recipient');}
else if(isset($_POST['blockuser'])) // Handle blocking and unblocking
{
if($_POST['blockuser']==1)
{
mysqli_query($db, 'insert into userblocks(user, blocked) values('.(int)$_SESSION['id'].', "'.$to_esc.'")');
$info=sprintf(_('Blocked %s'), htmlentities($toname));
$blocked=true;
}else{
mysqli_query($db, 'delete from userblocks where user='.(int)$_SESSION['id'].' and blocked="'.$to_esc.'"');
$info=sprintf(_('Unblocked %s'), htmlentities($toname));
$blocked=false;
}
}
else if(!isset($_POST['msg']) || !isset($_POST['subject'])){$error=_('Missing message and/or subject');}
else if($blocked){$error=_('Cannot send messages to blocked users');}else{
// Store in DB
$subject=$_POST['subject'];
$from=mysqli_real_escape_string($db, $_SESSION['name'].'@'.DOMAIN);
$timestamp=mysqli_real_escape_string($db, date('Y-m-d H:i:s'));
$subject_esc=mysqli_real_escape_string($db, $subject);
$msg=mysqli_real_escape_string($db, $_POST['msg']);
$q='insert into messages(user, recipient, sender, sent, subject, message, msgread, latest'.(($chain=='')?'':', chain').') ';
$q.='values('.(int)$_SESSION['id'].', "'.$to_esc.'", "'.$from.'", "'.$timestamp.'", "'.$subject_esc.'", "'.$msg.'", true, true'.(($chain=='')?'':', "'.$chain.'"').')';
if(!mysqli_query($db, $q)){$error='Database error, message not sent';}else{
$id=(int)mysqli_insert_id($db);
if($chain=='') // Set chain ID for new chain
{
$path[2]=$id.'_'.DOMAIN;
$chain=mysqli_real_escape_string($db, $path[2]);
mysqli_query($db, 'update messages set chain="'.$chain.'" where id='.(int)$id);
}
// Send it to recipient's node
$msg=Array('subject'=>$subject,
'from'=>$_SESSION['name'],
'message'=>$_POST['msg'],
'chain'=>$path[2]);
$data=rpc_post($touser[1], 'messages/'.$touser[0], $msg);
if(isset($data['error']))
{
$error=$data['error'];
// Delete the failed message from database
mysqli_query($db, 'delete from messages where user='.(int)$_SESSION['id'].' and id='.$id);
}else{
$info=_('Message sent');
// Update 'latest' on messages which are now old
mysqli_query($db, 'update messages set latest=false where chain="'.$chain.'" and user='.(int)$_SESSION['id'].' and id!='.$id.' and sent<"'.$timestamp.'"');
}
}} // Error checks (and blocking)
}
$messages='';
$header='';
// One view for overview, one view for thread/new
if(!isset($path[2]) || $path[2]=='') // Overview
{
$header='
'._('To/From').'
'._('Subject').'
'._('Date').'
';
$res=mysqli_query($db, 'select id, recipient, sender, sent, subject, message, msgread, chain from messages where user='.(int)$_SESSION['id'].' and latest order by sent desc');
while($row=mysqli_fetch_assoc($res))
{
$user=(($row['recipient']==$_SESSION['name'].'@'.DOMAIN)?$row['sender']:$row['recipient']);
$user=''.htmlentities(getdisplayname($user)).'';
$subjectline=htmlentities($row['subject']);
$chain=htmlentities($row['chain']);
$aclass=($row['msgread']?'':' class="highlight"'); // Highlight link if unread
$messages.='
';
}
mysqli_query($db, 'update messages set msgread=true where user='.(int)$_SESSION['id'].' and chain="'.$chain.'" order by sent asc');
}
if($chain=='')
{
$to=' ';
}else{
$to=_('To:').' '.htmlentities($toname).' ';
}
if($error!=''){$info=''.$error.'';}
include_once('head.php');
?>